WebApp Sec mailing list archives
RE: Writing to a local file without a warning
From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Tue, 28 Mar 2006 19:44:41 +0100
If I'm understanding you correctly, a web server would be a far better solution. If the survey isn't too complicated then the code to save the answers shouldn't be either.

Ian

-----Original Message-----
From: Frank Heyne [mailto:fh () rcs urz tu-dresden de]
Sent: 28 March 2006 17:33
To: webappsec () securityfocus com
Subject: Writing to a local file without a warning

Hello,

this is more about webappinsec, but anyway I hope to get a hint whether what I need to do is possible at all. You can answer offline, if you prefer.

Question: Is it possible to write a local file from a ht* file without the interception of a warning or other dialog?

Task: There is a standalone Windows machine with a html page from where people can view information stored in local files with IE. It is nearly like a kiosk, except the following: There is a questionnaire where people can give some feedback. This must write the answers to local files in a write only directory with vbscript.

Problem: All works well except that I still found no way to remove all security dialogues.

What I tried:

1. I can either put the questionnaire in a html file - then the user sees a security warning about the unsecure ActiveX object (FileSystemObject) when he hits the submit button.

2. When I put the questionnaire in a hta file, this warning is missing, but there is a dialog asking whether the user wants to run or save the (local!) hta file when he clicks on the link to it.

I understand that this behavior is ok in most scenarios, but I need an exception for this machine - is this possible and how? I would prefer a quick solution over installing a local web server or sql server, of course.

Any ideas?

Frank Heyne
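The local web server suggested in the reply, sketched as an added example that is not part of the original thread: a loopback-only handler that stores each questionnaire submission in its own new file, so the page needs no scripted file access. The field names, the /submit path, port 8080 and the directory name are assumptions made for illustration.

```python
import os, secrets, time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

ANSWER_DIR = "answers"                     # assumed output directory
MAX_BODY = 16 * 1024                       # reject oversized submissions
ALLOWED_FIELDS = ("comments", "q1", "q2")  # hypothetical questionnaire fields

def save_answers(body: bytes, directory: str = ANSWER_DIR) -> str:
    """Store one form-encoded submission in a new file and return its path."""
    if len(body) > MAX_BODY:
        raise ValueError("body too large")
    fields = parse_qs(body.decode("utf-8", errors="replace"), keep_blank_values=True)
    lines = []
    for name in ALLOWED_FIELDS:            # unknown field names are ignored
        if name in fields:
            value = " ".join(fields[name][0].split())  # one line per answer
            lines.append(f"{name}={value}")
    if not lines:
        raise ValueError("no known fields")
    os.makedirs(directory, exist_ok=True)
    # The file name is generated here, never taken from the request.
    name = f"{time.strftime('%Y%m%dT%H%M%S')}-{secrets.token_hex(4)}.txt"
    path = os.path.join(directory, name)
    with open(path, "x", encoding="utf-8") as fh:  # "x" never overwrites
        fh.write("\n".join(lines) + "\n")
    return path

class SurveyHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
            if self.path != "/submit" or not 0 < length <= MAX_BODY:
                raise ValueError("bad request")
            save_answers(self.rfile.read(length))
            status, msg = 200, b"Thank you.\n"
        except ValueError:
            status, msg = 400, b"Rejected.\n"
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(msg)))
        self.end_headers()
        self.wfile.write(msg)

if __name__ == "__main__":
    # Bind to loopback only: the kiosk browser is the sole intended client.
    HTTPServer(("127.0.0.1", 8080), SurveyHandler).serve_forever()
```

The questionnaire page then posts an ordinary HTML form to http://127.0.0.1:8080/submit, and the account running the server is the only one that needs write access to the answers directory.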